
Oracle file permissions

Posted on 2006-04-20
Last Modified: 2013-12-27
A Security Readiness Review (SRR) script was run against our servers' operating system and several STIG violations related to Oracle directories were found.
These files are listed below:

-rwsr-s--- 1 oracle dba 2986436 Mar 31 14:12 dbsnmp
-r-sr-s--- 1 oracle dba 11784 Oct 14 2004 oradism
-rwsr-s--x 1 oracle dba 65422428 Mar 31 16:53 oracle
-rwsr-s--x 1 oracle dba 65357392 Mar 31 14:13 oracleO
-rwSr----- 1 oracle dba 1536 Apr 12 01:06 orapwriacurw
-rwSr----- 1 oracle dba 1536 Apr 12 01:20 orapwriacutm

I am not familiar with how SUID and SGID work. Do these files have a sticky bit set on them? The security team says that the permissions are a sticky bit violation and that they need to be changed (i.e. remove the s). My concern is whether or not changing these permissions to satisfy them will cause certain processes not to run or break anything in Oracle. If these permission settings must remain this way then I have to supply a written justification. Can someone provide an explanation, guidance, and/or recommendation for this issue?
Question by:sikyala

Accepted Solution

by:
Tintin earned 1000 total points
ID: 16503280
None of the files have a sticky bit set.

If they had a sticky bit, it would look like:

-rwsr-s--t 1 oracle dba 2986436 Mar 31 14:12 dbsnmp

Sticky bits are most commonly used on directories.  /tmp is a prime example where its permissions are 1777 (drwxrwxrwt).  The sticky bit prevents users deleting files in /tmp that aren't owned by them even though there is group write permission.

I really hope your security team knows the difference between sticky and suid and guid bits.

Essentially the permissions allow any user who is in the 'dba' group to be able to access and run most (not all) things that the 'oracle' user can.  If you don't have any users in the dba group, then you could possibly change permissions
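The distinction drawn in the accepted answer, as an added example that is not part of the original thread: a POSIX shell script that decodes the mode column of `ls -l` into octal and names the special bits, run over the six entries from the question. The function names (`triad`, `decode_mode`, `report`, `page_listing`) are made up for this example, and it assumes a plain 10-character mode string with no trailing ACL marker.

```shell
#!/bin/sh
# Added example, not from the thread: decode the mode column of `ls -l`.

# triad RWX -> octal digit for one permission triad. Lower-case s/t imply the
# execute bit is set as well; upper-case S/T mean it is not.
triad() (
    v=0
    case $1 in r??) v=$((v + 4)) ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; esac
    case $1 in ??[xst]) v=$((v + 1)) ;; esac
    echo "$v"
)

# decode_mode MODE -> "<octal>: <special bits>", e.g. "6750: setuid setgid".
decode_mode() (
    m=$1; special=0; names=""
    case $m in ???[sS]??????) special=$((special + 4)); names="$names setuid" ;; esac
    case $m in ??????[sS]???) special=$((special + 2)); names="$names setgid" ;; esac
    case $m in ?????????[tT]) special=$((special + 1)); names="$names sticky" ;; esac
    case $m in ???S??????|??????S???|?????????T)
        names="$names (execute bit missing)" ;;
    esac
    u=$(triad "$(printf '%s\n' "$m" | cut -c2-4)")
    g=$(triad "$(printf '%s\n' "$m" | cut -c5-7)")
    o=$(triad "$(printf '%s\n' "$m" | cut -c8-10)")
    echo "$special$u$g$o:${names:- none}"
)

# report: read `ls -l` lines on stdin, print name, mode and decoded bits.
report() {
    while read -r mode links owner group size mon day tm name; do
        [ -n "$name" ] || continue
        printf '%-14s %s  %s\n' "$name" "$mode" "$(decode_mode "$mode")"
    done
}

# The six entries from the question, copied as posted.
page_listing() {
    cat <<'EOF'
-rwsr-s--- 1 oracle dba 2986436 Mar 31 14:12 dbsnmp
-r-sr-s--- 1 oracle dba 11784 Oct 14 2004 oradism
-rwsr-s--x 1 oracle dba 65422428 Mar 31 16:53 oracle
-rwsr-s--x 1 oracle dba 65357392 Mar 31 14:13 oracleO
-rwSr----- 1 oracle dba 1536 Apr 12 01:06 orapwriacurw
-rwSr----- 1 oracle dba 1536 Apr 12 01:20 orapwriacutm
EOF
}

page_listing | report
decode_mode -rwsr-s--t   # the answer's "what a sticky bit would look like"
decode_mode drwxrwxrwt   # /tmp, 1777 as stated in the answer
```

All six entries decode as setuid (6750, 6550, 6751 or 4640) and none as sticky; the capital `S` on the two `orapw` files is a setuid bit on a file whose owner has no execute permission.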

Assisted Solution

by:yuzh
yuzh earned 1000 total points
ID: 16503859
-rwsr-s--x 1 oracle dba 65422428 Mar 31 16:53 oracle
It is the correct permission.

To make sure when oracle is running as user oracle and group dba.

To learn more details about "SUID, SGID, and Sticky Bits", please read
http://www.unix.org.ua/orelly/networking/puis/ch05_05.htm
http://www.zzee.com/solutions/unix-permissions.shtml

If a script or program has permissions like:
-rwsr-s--x 1 root root  65422428 Mar 31 16:53 someapp

then you need to pay attention to what someapp is for.

Expert Comment

by:yuzh
ID: 16513977
I can't see any valid reason to "Delete/NO refund" for this question.

Our comments lead to the answer of the question.

Have a nice weekend to all of you.


Question has a verified solution.